SFTP Gateway is NOT affected by the MOVEit vulnerability – an answer to a frequently asked question

MOVEit vulnerability SFTP

Our support team at Thorn Technologies has been fielding questions about the MOVEit file transfer web application recently, with customers asking whether SFTP Gateway is affected by the recent MOVEit vulnerability

The short answer is no; SFTP Gateway is unaffected by the MOVEit vulnerability. SFTP Gateway and MOVEit are two completely different products built by two unrelated companies. SFTP Gateway does not operate in the same way MOVEit does. 

Details from the Thorn Teech support team about the MOVEit vulnerability

Here are more details from the Thorn Tech support team:

In June 2023, SQL injection vulnerabilities were identified in the MOVEit Transfer web application (CVE-2023-34362 and CVE-2023-35036). SFTP Gateway customers have reached out to us, asking about this issue.

SFTP Gateway is not affected by the MOVEit incident. MOVEit is a different product built by another company and is just one of many products in the file transfer space.

The CVE involves SQL injection sent via HTTP. SFTP Gateway does not have a web (HTTP) transfer feature and only supports the SFTP protocol. So, this CVE does not apply.

The Thorn Tech support team also recommends you do the following to ensure you’re operating SFTP Gateway in the most secure way possible. The security recommendations explained below have been our support team’s recommendation since before the MOVEit vulnerability.

Security recommendations for SFTP Gateway customers from the Thorn Tech support team

You should check that ports 443 and 2222 are locked down to only system administrator IP addresses:

  • Port 443: The web admin portal lets you manage SFTP users and map them to cloud storage locations.
  • Port 2222: You can SSH to the OpenSSH service on port 2222 for server administration. Note: port 22 denies access to the SSH protocol.

Restricting access at the EC2 Security Group level will prevent any attempts to access these privileged ports.

If you have any questions for our support team, please get in touch with them via email at support@thorntech.com. You can learn more about SFTP Gateway and the different options on the SFTP Gateway product grid on our website. SFTP Gateway is a simple, secure, affordable way to give SFTP users access to cloud storage locations

Be on the lookout for our new product, StorageLink, a web-based file transfer service coming later in 2023. Send us an email if you’re interested in being a beta tester.

Finally, stay tuned to our Knowledge Base for the latest security recommendations and helpful tips related to our file transfer products. You can also connect with us through Twitter, YouTube, and LinkedIn for all the latest news.

Get insights on SFTP Gateway, cloud computing and more, in your inbox.

Get smarter about all things tech. Sign up now!

Discover SFTP Gateway

Get real-time access to Amazon S3, Azure Blob Storage and Google Cloud Storage through any SFTP client. Manage users, credentials and folders with ease, using a simple web interface.

Try SFTP Gateway for AWS

Try SFTP Gateway for Azure

Try SFTP Gateway for Google

Learn more about SFTP Gateway

Search our blog

Recent posts

Help with an SFTP server connection

The Thorn Technologies YouTube channel is filled with videos to help you with cloud computing and file transfers. In the newest set of videos, our team walks you through how to set up an SFTP

Read More »
Scroll to Top